CVE-2026-34606

medium

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions from 2.27.0 up to, but not including, 2.48.0 were vulnerable to stored cross-site scripting (XSS). This issue has been patched in version 2.48.0.

References

https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2

https://github.com/frappe/lms/releases/tag/v2.48.0

https://github.com/frappe/lms/pull/2185

https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921

Details

Source: Mitre, NVD

Published: 2026-04-02

Updated: 2026-04-07

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00047